Quick Tip: View the database size and mailbox count for mailbox databases

In this quick tip post I will show you how to retrieve mailbox database size and mailbox count for one or all mailboxes. Lets start with mailbox database size.

Mailbox database size

This command is quite simple and utilizes the –Status parameter in the Get-MailboxDatabase cmdlet:

Get-MailboxDatabase –Identity <MailboxDatabaseName> -Status | Select ServerName,Name,DatabaseSize

To retrieve the size of all mailbox databases:

Get-MailboxDatabase -Status | Select ServerName,Name,DatabaseSize

And if you want to sort this on DatabaseSize:

Get-MailboxDatabase -Status | Select ServerName,Name,DatabaseSize | Sort-Object DatabaseSize –Descending

And with sorting on the mailbox database name:

Get-MailboxDatabase -Status | Select ServerName,Name,DatabaseSize | Sort-Object Name –Descending

Mailbox count for mailbox databases

Now we will focus on counting mailbox databases. This command is also quite easy to use.

Get-Mailbox -ResultSize:Unlimited | Group-Object -Property:Database | Select-Object Name,Count | Sort-Object -Property:Count –Descending

Let’s break this up a bit… The first part is a ordinary Get-Mailbox cmdlet with -ResultSize:Unlimited to include all mailboxes:

Get-Mailbox -ResultSize:Unlimited

Then we group the objects from the result of the Get-Mailbox cmdlet on Database to be able to count based on each mailbox database:

Group-Object -Property:Database

Moving on with a selection of the properties we want to display including a count:

Select-Object Name,Count

And finally we sort the results based on the count property to get it in a nice list with the mailbox database with most mailboxes on top:

Sort-Object -Property:Count -Descending

Advertisements

One-liner to export mailbox size, quotas and more to a CSV file

I got a question form a friend if I could help and sort out a command that exported mailbox size and quotas to a CSV file  for him. This should work for both Exchange Server 2007 and 2010, here is how we did it:

First run a get mailbox command:

Get-Mailbox -ResultSize Unlimited

Then we add a pipe and a number of attributes we want to get:

Get-Mailbox -ResultSize Unlimited | Select-Object DisplayName, IssueWarningQuota, ProhibitSendQuota

We continue with adding two that performs Get-MailboxStatistics to receive attributes from the mailbox that the Get-Mailbox Cmdlet does not give us:

@{label=”TotalItemSize(MB)”;expression={(Get-MailboxStatistics $_).TotalItemSize.Value.ToMB()}} and @{label=”ItemCount”;expression={(Get-MailboxStatistics $_).ItemCount}}

Then we add another attribute that Get-Mailbox gives us:

Database

And to finish it off we export the results to a CSV file after another pipe:

| Export-Csv “UserMailboxSizes.csv” –NoTypeInformation

And the complete command again with all parts combined together:

Get-Mailbox -ResultSize Unlimited | Select-Object DisplayName, IssueWarningQuota, ProhibitSendQuota, @{label="TotalItemSize(MB)";expression={(Get-MailboxStatistics $_).TotalItemSize.Value.ToMB()}}, @{label="ItemCount";expression={(Get-MailboxStatistics $_).ItemCount}}, Database | Export-Csv "C:\Scripts\UserMailboxSizes.csv" -NoTypeInformation

This command can of course be modified and you can add other attributes or functions. In the following example I use where to get only the mailboxes that does not use the database default quota.

Where {$_.UseDatabaseQuotaDefaults -eq $false

And the complete command:

Get-Mailbox -ResultSize Unlimited | Where {$_.UseDatabaseQuotaDefaults -eq $false} | Select-Object DisplayName, IssueWarningQuota, ProhibitSendQuota, @{label="TotalItemSize(MB)";expression={(Get-MailboxStatistics $_).TotalItemSize.Value.ToMB()}}, @{label="ItemCount";expression={(Get-MailboxStatistics $_).ItemCount}}, Database | Export-Csv "C:\Scripts\UserMailboxSizes.csv" -NoTypeInformation

There you go, enjoy and do not hesitate to let me know if you have any questions!

Manage full access permissions on mailboxes in Exchange 2010

This is the updated version with a few additions and corrections based on both comments and new features added by Microsoft since my first post.

Grant permissions on a single mailbox

Use the following command to grant access to just one mailbox:

Add-MailboxPermission -Identity "" -User <UserorGroupIdentity> -AccessRights Fullaccess -InheritanceType all

Note: the User parameter can in fact be either users or groups, the parameter name “User” is a bit misleading!

Example:

Add-MailboxPermission -Identity "Test" -User Administrator -AccessRights Fullaccess -InheritanceType all

FullAccess1

Or If I want to add the security Group Group2:

Add-MailboxPermission -Identity "Test" -User Group2 -AccessRights Fullaccess -InheritanceType all

fullaccess01

Grant permissions on all mailboxes

Use the following command to grant access to all mailboxes:

Get-Mailbox | Add-MailboxPermission -User <UserorGroupIdentity> -AccessRights Fullaccess -InheritanceType all

Example:

Get-Mailbox | Add-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all

Note: In the screenshot below I received a message saying that Administrator already have access to the mailbox Test (Yellow text message).

FullAccess2

Grant permissions on mailboxes using Where

We might as well add a where to the command while we are at it. With this command we grant access to all mailboxes in a specific OU:

Get-Mailbox | Where { $_.OrganizationalUnit -eq “” } | Add-MailboxPermission -User <UserorGroupIdentity> -AccessRights Fullaccess -InheritanceType all

Example:

Get-Mailbox | Where { $_.OrganizationalUnit -eq “sundis.local/Test/Users” } | Add-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all

FullAccess3

 

Remove permissions on a single mailbox

Quite simple, just change Add to Remove:

Remove-MailboxPermission -Identity "" -User <UserorGroupIdentity> -AccessRights Fullaccess -InheritanceType all

Example:

Remove-MailboxPermission -Identity "Test" -User Administrator -AccessRights Fullaccess -InheritanceType all

FullAccess4

Remove permissions on all mailboxes

Well you have probably figured this one out already, but I will show it to you anyway:

Get-Mailbox | Remove-MailboxPermission -User <UserorGroupIdentity> -AccessRights Fullaccess -InheritanceType all

Example:

Get-Mailbox | Remove-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all

Note: As you can se below, using this command will remove the users full access to its own mailbox. That is not good, this command should be used with care…

FullAccess5

How to configure the rights assignment to apply on new mailboxes automatically

This can be done using one of three methods, you can add permissions using EMS or ADSIEdit.

Using EMS method 1 (recommended)

With this method we grant permissions on the databases container in the configuration Naming context using the following PowerShell command:

Add-AdPermission -Identity “CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<DomainName>,DC=<TopDomain>” -User <UserorGroupIdentity> -InheritedObjectType msExchPrivateMDB -AccessRights ExtendedRight -ExtendedRights Receive-As,Send-As -inheritanceType Descendents

If we brake this up a bit we can se that the Identity is in fact the Distinguished Name of the Databases container:

“CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<DomainName>,DC=<TopDomain>”

The InheritedObjectType parameter specifies what kind of object inherits this access control entry, in this case it is only Exchange Mailbox Databases:

-InheritedObjectType msExchPrivateMDB

Then we grant Receive-As permissions. Granting Receive As and  Send As permission to a mailbox database, the user can log on to all mailboxes within that database, and send mail from those mailboxes:

-AccessRights ExtendedRight -ExtendedRights Receive-As,Send-As

And finally we set the inheritance type to Descendents:

-inheritanceType Descendents

Example:

Add-AdPermission -Identity “CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=sundis,DC=local” -User test8 -InheritedObjectType msExchPrivateMDB -AccessRights ExtendedRight -ExtendedRights Receive-As,Send-As
 -inheritanceType Descendents

fullaccess10

Reference: http://theessentialexchange.com/blogs/michael/archive/2009/09/29/exchange-server-2010-administrative-access-to-all-mailboxes.aspx

Using EMS method 2

With method two we use a pipe to set the permission on each mailbox database with the following command:

Get-Mailboxdatabase | Add-ADPermission -User <UserorGroupIdentity> -AccessRights ExtendedRight -ExtendedRights Receive-As,Send-As

Example:

Get-Mailboxdatabase | Add-ADPermission -User test3 -AccessRights ExtendedRight -ExtendedRights Receive-As,Send-As

fullaccess03

Granting Receive As and Send As permission to a mailbox database, the user can log on to all mailboxes within that database, and send mail from those mailboxes.

Using ADSIEdit

There are also the ADSIEdit way of addressing the problem. I will give you a description on what you need to do but I STRONGLY recommend you to have a look at Michaels post instead. That said, here you go…

Open ADSIEdit, Right click ADSIEdit and choose Connect to.

fullaccess02

Select the Configuration Naming Context and click Ok
fullaccess04

Navigate to Configuration/Services/Microsoft Exchange/<OrganisationName>/Administrative Groups/Exchange Administrative Group (FYDIBOHF23SPDLT).

fullaccess05

Right Click the Databases folder and choose Properties.

fullaccess06

Click on the Security tab and click Add.

fullaccess07

Enter the users or groups that you want to add and then click Ok.

fullaccess08

Make sure that the added users or groups is selected, check the Allow box for Full control for each user or group, then click Ok to close the window and now we are finished with ADSIEdit.

fullaccess09

This adds permissions to all databases. If you want to edit the permissions for a specific database you can open the Databases folder and open Properties for the database you want to configure.

A final note: Full Access or Receive As permissions are granted next time the Microsoft Exchange Information Store service caches the permissions and updates the cache. To grant the permissions immediately, stop and then restart the Microsoft Exchange Information Store service.

Thanks for reading, I hope that you found it useful and please let me know if you have any questions!

Increase the number of simultaneous mailbox moves

Yesterday I did a mailbox migration for a customer and it hit me that I have never shared this tip with you before. By default Exchange 2010 allows 2 simultaneous mailbox moves to run. When you perform a migration of many mailboxes you might want to increase this number. Here is how you do it:

    1. Open explorer on the Exchange server and navigate to C:\Program Files\Microsoft\Exchange Server\V14\Bin (This is the default path, the path on your server might be different)
    2. Make a backup copy of the file MSExchangeMailboxReplication.exe.config. I have a habit of creating a file copy and naming it <filename>_backup but that’s just my approach.
    3. Use your favorite text editor and open MSExchangeMailboxReplication.exe.config.
    4. Find the following part in the file:
      <MRSConfiguration
      MaxRetries = “60”
      MaxCleanupRetries = “5”
      MaxStallRetryPeriod = “00:15:00”
      RetryDelay = “00:00:30”
      MaxMoveHistoryLength = “2”
      MaxActiveMovesPerSourceMDB = “5”
      MaxActiveMovesPerTargetMDB = “2”
      MaxActiveMovesPerSourceServer = “50”
      MaxActiveMovesPerTargetServer = “5”
      MaxTotalMovesPerMRS = “100”
      FullScanMoveJobsPollingPeriod = “00:10:00”
      MinimumTimeBeforePickingJobsFromSameDatabase = “00:00:04”
      ServerCountsNotOlderThan = “00:10:00”
      MRSAbandonedMoveJobDetectionTime = “01:00:00”
      BackoffIntervalForProxyConnectionLimitReached = “00:30:00”
      DataGuaranteeCheckPeriod = “00:00:10”
      DataGuaranteeTimeout = “00:30:00”
      DataGuaranteeLogRollDelay = “00:01:00”
      EnableDataGuaranteeCheck = “true”
      DisableMrsProxyCompression = “false”
      DisableMrsProxyBuffering = “false”
      MinBatchSize = “100”
      MinBatchSizeKB = “256” />
      </configuration>
    5. Change the following parameters to match you requirements:
      MaxActiveMovesPerSourceMDB = “5”
      MaxActiveMovesPerTargetMDB = “2”
      MaxActiveMovesPerSourceServer = “50”
      MaxActiveMovesPerTargetServer = “5”
      MaxTotalMovesPerMRS = “100”
    6. Feel free to look through the rest of the parameters in this file, you will see that there is plenty more parameters you can change.
    7. Restart the Mailbox Replication service using the following command: Restart-Service MSExchangeMailboxReplication

Please note that changing these values and allowing more simultaneous mailbox moves etc. increases the load on the server. Change these values with care and do not add extremely high numbers. As a final note, this is not the only thing affecting moves, server performance is a big part of it and especially disk performance. So even if you change these values you might not get a better result.

Thanks for reading and do not hesitate to let me know if you run in to any problems!

Change a resource mailbox booking window in Exchange 2010

This is a follow-up on my post on the same topic for Exchange 2007. This post will explain how to change the Booking Windows for a resource mailbox in Exchange Server 2010. This value is set to 180 days by default and many organizations find this a bit low.

In Exchange Server 2010 we use the following command to change this setting:
Set-CalendarProcessing "<ResourceMailboxName>" -BookingWindowInDays <NumberOfDays>

Example:
Set-CalendarProcessing "test3" -BookingWindowInDays 365

Calendarprocessing1

If you want to set this for all room mailboxes at once use the following command:
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "RoomMailbox"} | Set-CalendarProcessing -BookingWindowInDays 365

Calendarprocessing2

You can verify the settings using the following commands:
Get-CalendarProcessing "test3" | FL Identity,BookingWindowInDays

Calendarprocessing3

For all room mailboxes:
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "RoomMailbox"} | Get-CalendarProcessing | FL Identity,BookingWindowInDays

Calendarprocessing4

Thanks for reading, let me know if you have any questions!

My post on the same topic for Exchange 2007 can be found here!

Error when doing export-mailbox and import-mailbox in Exchange Server 2010

I just got a question from a customer that was trying to import a number of pst files to to Exchange 2010. This is the error message they received:

Error:
Error was found for user@domain.com because: Error occurred in the step: Approving object. An unknown error
has occurred., error code: -2147221219
    + CategoryInfo          : InvalidOperation: (0:Int32) [Import-Mailbox], RecipientTaskException
    + FullyQualifiedErrorId : CFFD629B,Microsoft.Exchange.Management.RecipientTasks.ImportMailbox

There is a known bug in Exchange 2010 that causes export-mailbox and import-mailbox commands to fail on an Exchange Server that has both the CAS and Mailbox role installed.

To solve this you can either do the import/export via Outlook or install a separate Exchange 2010 server. Make sure that you only install the Mailbox role together with Outlook 2010 64-bit on this server.

When you are done, or the bug is fixed, you can uninstall the temporary import/export server using add/remove programs. This will remove Exchange from the server as well as remove all information regarding the server in Active Directory.

According to Microsoft Support this issue is expected to be fixed in update rollup 5 of Exchange 2010 server. I have also seen posts about a fix in Service Pack 1 so time will tell… Good luck and please don’t hesitate to let me know if you run in to any other issues.